DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  dns.exe


SYSTEMS AFFECTED

  Win NT 4.0

  

PROBLEM


    Jason T. Luttgens upon  experimenting on port 65589  found another

    way to get the CPU utilization to rise.



    This time the kernel  percentage rises with it.   All you have  to

    do is telnet to port 65589 (this is port 53, or the DNS port as it

    is better  known), type  in one  character (it  seems as though it

    must be a letter), and  hit enter.  You  will be disconnected from

    the host and it's CPU utilization will rise.



    How much it rises and affects the system seems to highly depend on

    the setup. On a P75 with 32MB RAM, it's pegged at 100%. On a  dual

    P133 with  64MB RAM,  it averages  at 65-70%.  However, this  only

    lasts approximately 5  minutes.  The  processes eating up  the CPU

    time were a combination of services.exe and dns.exe.



    However, remote  users can  cause a  denial of  DNS service.   SNI

    (Secure Networks Inc.) provided more details in their advisory.





EXPLOIT

  

SOLUTION


    There are several solutions.  As Service Pack II (SP2) don't  help

    on this subject, You can obtain  Service Pack III (SP3) - due  out

    this quarter will  contain a fix  (writen on January  28th) or run

    your DNS service on a different platform.